Sharing encrypted items with participants verification

ABSTRACT

A method and apparatus for establishing a trust relationship between users is disclosed. The apparatus includes at least two user devices containing the Application, a service provider server (SPS) comprising an application programming interface (API), a network communicably coupling the sender device, the receiver device and the SPS, and an out-of-band (OOB) channel, separate from the network, communicably coupling the sender device and the receiver device. The method includes obtaining a receiver&#39;s Public Key provided by an Application Programming Interface (API) on an service provider server, encrypting a verification message with the Receiver&#39;s Public key and the Sender&#39;s Private Key, sending the encrypted verification message from the Sender&#39;s device to the Receiver&#39;s device through the out-of-band channel, decrypting the encrypted verification message using Receiver&#39;s Private Key and Sender&#39;s Public Key, and communicating decrypted verification message via out-of-band channel.

CROSS-REFERENCE TO RELATED APPLICATION(S)

This application is a continuation of U.S. application patent Ser. No.16/745,334, filed Jan. 16, 2020, the entire disclosure of which ishereby incorporated by reference.

TECHNICAL FIELD

Aspects of the disclosure relate to computer hardware and software inprotecting access to data via a platform, e.g. using keys or accesscontrol rules. The present embodiments relate to the networkarchitectures or network communication protocols for network securityfor supporting key management in a packet data network for key exchange,more specifically, exchanging the respective security keys directlybetween two communicating parties. In particular, one or more aspects ofthe disclosure generally relate to storing, using and exchanging/sharingencrypted data (such as passwords or other digital items) in a securefashion.

BACKGROUND

Applications with password or item sharing feature that encrypt theitems to be protected, and rely on the service provider backendinfrastructure to store the encrypted items currently allow the serviceprovider to bypass the encryption of item, improperly gain access tosaid items without alerting the owner of the data. This is because thepublic keys of the sharing participants do not benefit from mutualauthentication. This would allow the service provider to obtain accessto all shared items without the sender or the recipient being able todetect that something went wrong: when a user initiates sharing of anencrypted item the service provider would simply advertise a fake publickey for the item recipient, causing the sender to share the item to theservice provider i.e. the wrong recipient. The service provider can thenre-share the obtained item to the correct recipient intended originally,thereby avoiding any suspicion from either Sender or Receiver.

The proposed solution provides a safe way for the user to share theencrypted passwords or other digital items without any fear that suchinformation can be obtained by the service provider or any other thirdparty (hacker attack or rogue employee).

The following sections will elaborate and clarify the technology notionsthe solution employs, is dependent upon or is related to, such asencryption in general, authentication methodologies and attack vectorsmitigation.

In cryptography, encryption is the process of encoding a message orinformation in such a way that only authorized parties can access it andthose who are not authorized cannot. Encryption does not itself preventinterference but denies the intelligible content to a would-beinterceptor. In an encryption scheme, the intended information ormessage, referred to as plaintext, is encrypted using an encryptionalgorithm—a cipher—generating ciphertext that can be read only ifdecrypted. For technical reasons, an encryption scheme usually uses apseudo-random encryption key generated by an algorithm. It is inprinciple possible to decrypt the message without possessing the key,but, for a well-designed encryption scheme, considerable computationalresources and skills are required. An authorized recipient can easilydecrypt the message with the key provided by the originator torecipients but not to unauthorized users.

Symmetric and asymmetric cryptographic systems are two major approachesto encryption technique. Symmetric-key cryptography refers to acryptographic system that employs the same key for both data encryptionand decryption. This means that all participants of the data exchangemust know the same key to be able to securely send the encrypted messageand to decrypt the encrypted messages received.

Therefore, the key shared among parties, but having to stay secret to3rd parties—in order to keep communications private—is considered ashared secret. No adversary can decrypt the message without knowing thesecret key without dedicating significant resources for breaking theencryption without knowing the right keys. The quality of the encryptionscheme is judged by how prohibitive the cost of such breaking is.

Public-key cryptography, or asymmetric cryptography, refers to acryptographic system that uses pairs of keys: public keys which are tobe accessible freely, and private keys which are only accessible to theowner. The generation of such keys depends on cryptographic algorithmsbased on mathematical problems to produce one-way functions. Effectivesecurity only requires keeping the private key private; the public keycan be openly distributed without compromising security.

In such a system, any person can encrypt a message using the receiver'spublic key, but that encrypted message can only be decrypted with thereceiver's private key.

Robust authentication is also possible. A sender can combine a messagewith a private key to create a short digital signature on the message.Anyone with the sender's corresponding public key can combine the samemessage and the supposed digital signature associated with it to verifywhether the signature was valid, i.e. made by the owner of thecorresponding private key.

Two of the best-known uses of public key cryptography are: 1) Public keyencryption, in which a message is encrypted with a recipient's publickey. The message cannot be decrypted by anyone who does not possess thematching private key, who is thus presumed to be the owner of that keyand the person associated with the public key. This is used in anattempt to ensure confidentiality. 2) Digital signatures, in which amessage is signed with the sender's private key and can be verified byanyone who has access to the sender's public key. This verificationproves that the sender had access to the private key, and therefore islikely to be the person associated with the public key. This alsoensures that the message has not been tampered with, as a signature ismathematically bound to the message it originally was made with, andverification will fail for practically any other message, no matter howsimilar to the original message.

Public key algorithms are fundamental security ingredients in moderncryptosystems, applications and protocols assuring the confidentiality,authenticity and non-reputability of electronic communications and datastorage. They underpin various Internet standards, such as TransportLayer Security (TLS), S/MIME, PGP, and GPG. Some public key algorithmsprovide key distribution and secrecy (e.g., Diffie-Hellman keyexchange), some provide digital signatures (e.g., Digital SignatureAlgorithm), and some provide both (e.g., RSA).

Authenticated encryption (AE) and authenticated encryption withassociated data (AEAD) are forms of encryption which simultaneouslyassure the confidentiality and authenticity of data. These attributesare provided under a single, easy to use programming interface.

An important part of cryptography is the notion of key derivation, wherea key derivation function (KDF) derives one or more secret keys from asecret value such as a master key, a password, or a passphrase using apseudorandom function. KDFs can be used to stretch keys into longer keysor to obtain keys of a required format, such as converting a groupelement that is the result of a Diffie-Hellman key exchange into asymmetric key for use with AES. Keyed cryptographic hash functions arepopular examples of pseudorandom functions used for key derivation.

An important cryptography concept that is relevant within the issue ofkey derivation is salt, i.e. random data that is used as an additionalinput to a one-way function that “hashes” the input data, a password orpassphrase. Salts are used to safeguard passwords in storage.Historically a password was stored in plaintext on a system, but overtime additional safeguards developed to protect a user's passwordagainst being read from the system. A salt is one of those methods.

A new salt is randomly generated for each password. In a typicalsetting, the salt and the password (or its version after Key stretching)are concatenated and processed with a cryptographic hash function, andthe resulting output (but not the original password) is stored with thesalt in a database. Hashing allows for later authentication withoutkeeping, and therefore risking, the plaintext password if theauthentication data store is compromised.

Salts defend against a pre-computed hash attack. Since salts do not haveto be memorized by humans, they can make the size of the hash tablerequired for a successful attack prohibitively large without placing aburden on the users. Since salts are different in each case, they alsoprotect commonly used passwords, or those users who use the samepassword on several sites, by making all salted hash instances for thesame password different from each other.

Cryptographic salts are broadly used in many modern computer systems,from Unix system credentials to Internet security.

Salts are closely related to the concept of a cryptographic nonce, whichis an arbitrary number that can be used just once in a cryptographiccommunication. It is similar in spirit to a nonce word, hence the name.It is often a random or pseudo-random number issued in an authenticationprotocol to ensure that old communications cannot be reused in a replayattack. They can also be useful as initialization vectors and incryptographic hash functions, both important concepts to elaborate upon.

A cryptographic hash function (CHF) is a hash function that is suitablefor use in cryptography. It is a mathematical algorithm that maps dataof arbitrary size (often called the “message”) to a bit string of afixed size (the “hash value”, “hash”, or “message digest”) and is aone-way function, that is, a function which is practically infeasible toinvert. Ideally, the only way to find a message that produces a givenhash is to attempt a brute-force search of possible inputs to see ifthey produce a match or use a rainbow table of matched hashes.Cryptographic hash functions are a basic tool of modern cryptography.

In cryptography, key stretching techniques are used to make a possiblyweak key, typically a password or passphrase, more secure against abrute-force attack by increasing the resources (time and possibly space)it takes to test each possible key. Passwords or passphrases created byhumans are often short or predictable enough to allow password cracking,and key stretching is intended to make such attacks more difficult bycomplicating a basic step of trying a single password candidate. Becausea key generation function must be deterministic so that the weak keyalways generates the same stretched key (called an enhanced key), thestretching of the key does not alter the entropy of the key-space, onlycomplicates the method of computing the enhanced key. Attacks onunsalted key stretching functions exist called rainbow tables. Saltingthe key is the process of appending a long, random string to the weakkey. This is done so that precomputed hashes of either short keys orpassword lists cannot be used in authentication schemes that require thehash to be presented or to reverse hashes into their originalpass-phrases which may be used to compromise users on other servicesusing the same pass-phrase.

Another relevant part of the context the current embodiment works withinis the concept of Multi-factor authentication (MFA). MFA is anauthentication method in which a computer user is granted access onlyafter successfully presenting two or more pieces of evidence (orfactors) to an authentication mechanism: knowledge (something the userand only the user knows), possession (something the user and only theuser has), and inherence (something the user and only the user is).

Two-factor authentication (also known as 2FA) is a type, or subset, ofmulti-factor authentication. It is a method of confirming users' claimedidentities by using a combination of two different factors: 1) somethingthey know, 2) something they have, or 3) something they are.

Several attack vectors are especially relevant within the context ofexchanging data in a secure and protected fashion between users that arenot part of the same mutually verified trusted platform.

A replay attack (also known as playback attack) is a form of networkattack in which a valid data transmission is maliciously or fraudulentlyrepeated or delayed. This is carried out either by the originator or byan adversary who intercepts the data and re-transmits it, possibly aspart of a masquerade attack by IP packet substitution. This is one ofthe lower tier versions of a “Man-in-the-middle attack” (MITM).

In cryptography and computer security, a man-in-the-middle attack is anattack where the attacker secretly relays and possibly alters thecommunications between two parties who believe that they are directlycommunicating with each other. One example of a MITM attack is activeeavesdropping, in which the attacker makes independent connections withthe victims and relays messages between them to make them believe theyare talking directly to each other over a private connection, when infact the entire conversation is controlled by the attacker. The attackermust be able to intercept all relevant messages passing between the twovictims and inject new ones. This is straightforward in manycircumstances; for example, an attacker within the reception range of anunencrypted wireless access point could insert themselves as aman-in-the-middle.

As it aims to circumvent mutual authentication, a MITM attack cansucceed only when the attacker impersonates each endpoint sufficientlywell to satisfy their expectations. Most cryptographic protocols includesome form of endpoint authentication specifically to prevent MITMattacks.

SUMMARY

Embodiments of the present invention provide an improved system ofencrypted Item 210 that overcomes the problems and limitations of theprior art. Particularly, embodiments of the present invention provide asystem and method of encrypting a digital Item 210 and associating thesaid Item 210 with a recipient or group of recipients, wherein only anauthorized recipient is provided a key for decrypting the message oroptionally the authorized recipient's identity must also be verified ina reliable fashion.

According to an embodiment, a reliable and secure method for sharingencrypted Items 210 comprises authenticating the Sender against APIdatabase and obtaining an authentication token from API for the durationof a session. “Authenticating against” means authenticate user bycomparing the credentials user provides with the customer databaserecord Service provider holds. The method may be performed, for example,by a computer executable program (or an application), at least a part ofwhich is stored on a computer-readable medium.

When the user is authenticated within the Application 202, the user maybe prompted to provide entropy data necessary for derivation of theencryption keys e.g. in the format of a Master password. In computing,entropy is the randomness collected by an operating system orapplication for use in cryptography or other uses that require randomdata. This randomness is often collected from hardware sources (variancein fan noise or HDD), either pre-existing ones such as mouse movementsor specially provided randomness generators. The Application 202 may usethe entropy user provided, e.g. the Master password, together with someadditional entropy, ‘salt’ added further thereon, to derive a symmetricMaster key 204 for encrypting Sender's Private key, of the Sender'sasymmetric key pair. The ‘salt’ is necessary to compensate for thepossibility of Master password being too short or not complex enough forproducing a reliably secure key.

Each protected Item 210 is assigned by the Application 202 a unique itemidentification and is encrypted with an individual symmetric itemencryption key, Item Key 208 further on. Item Key 208 is a symmetric keyused to encrypt the very item user wants protected. These symmetric keysare generated by the Application 202 on a one-to-one basis forencrypting and decrypting a particular item, such as a set of usercredentials. Item Key 208 is correspondingly encrypted with the user'sPublic Key, of the user's asymmetric key pair, generated by theApplication 202 when registering the user. The Private Key, of theuser's asymmetric key pair, generated by the Application 202 whenregistering the user, is used for decrypting the Item Keys, and iscorrespondingly encrypted with a symmetric Master key 204, derived fromthe Master password and Salt 212.

Both items and their corresponding Item Keys 208, as well as the user'sPublic Key 214, are stored online within the API 300. FIG. 3 shows thevarious keys, as well as other data, stored inside the API. The ItemKeys 208 are each encrypted with the user's Public Key 214 beforeplacing them within API database. User's corresponding Private key isused to decrypt the symmetric keys. The Private key is placed within theUser device 200, unencrypted when necessary, otherwise always encryptedwith the user's symmetric Master key 204 and is never stored unencryptedanywhere else except for the User device 200. In the current embodiment,encryption/decryption operations are transparent i.e. are performed bythe Application 202 when requested by the user through GUI. So, theoption of selecting a specific key, substituting keys is concealed fromthe user. However, the options of encryption/decryption operations, e.g.the selection of encryption keys, may be visible to the user, i.e. thistechnical specification should not limit the scope of the embodiment.

The computer executable program comprises code segments for enabling auser to share an encrypted item with another user, verifying thereceiving user along the way and possibly allowing the Sender to verifythe Receiver.

A code segment within Application 202 enables a user initiating thesharing, Sender further on in the document, to provide input forderiving the symmetric Master key 204 when prompted by the Application202 while launching said application, e.g. the Application 202 prompts auser to provide the Master password. When derived, the Master key 204allows Sender to decrypt and access Sender's Private key thus gettingfull access to all the Item Keys. Sender further obtains the itemidentification and Item Key from API 300 and locally decrypts the ItemKey 208 with Sender's Private key 206. Thus, during the initial steps ofthe Sharing flow the Sender obtains the item identification of the itemit wishes to share, as well as all the encryption keys necessary to gainaccess to the item and to authenticate the Sender as the user initiatingthe Sharing sequence.

To proceed with the item Sharing, Sender may request an identificationof the Receiver from API by providing Receiver's email address.Receiver's identification may be provided in the format of Receiver'sPublic Key 214, of the Receiver's asymmetric key pair. The Sender'sapplication may store and use the Receiver's Public Key 214 locally inorder to perform verification operation according to the flow describedbelow.

Sender further encrypts the Item Key 208, of the item that is to beshared, with Receiver's Public Key 214, and stores the result within API300, together with the item's identification.

In case the Receiver's Public Key 214 is not accessible to the Sender,the Sender records the information about the pending share in API 300,signing this information with Sender's Private Key 206. The informationincludes Sender's identification, Item Identification, Receiver's emailand Sender's digital signature.

Another code segment within Application 202 enables Receiver to verifythe Sender, i.e. to ensure that the initiator of sharing an item isindeed the person declared, as opposed to any party that might try toimpersonate the legitimate sender most of all—to prevent the serviceprovider from substituting the Public Key 214 that are necessary forsharing flow with its own set of public keys, therefore obtaining accessto the data shared and avoiding detection by the end users—Sender andReceiver. To achieve this Sender obtains Receiver's Public Key 214provided by API for the specified email. Other means to identify theReceiver may be first name and second name coupled with an enterpriseidentification, social networks' or instant messaging platforms'identity. Using Receiver's Public Key 214 and Sender's Private KeySender encrypts a random message in application and shares encryptedvalue with Receiver via out-of-band channel. Henceforth Receiverdecrypts (using Receiver's Private Key and Sender's Public Key 214) theencrypted value and communicates the value via out-of-band channel toSender. Consequently, trust is established with Receiver signingSender's Public Key 214 and storing the result in API database,correspondingly making it possible to access the signed Sender's PublicKey 214 from any number of devices Receiver might use.

Receiver signs Sender's Public Key 214 with Receiver's Private Key. Thisdigital signature can be verified by anybody who has access to theReceiver's Public Key 214, i.e. virtually anybody. This verificationproves that the person signing Sender's Public Key 214 has access toReceiver's Private Key and is indeed Receiver himself. This also ensuresthat the key signed in this fashion has not been tampered with orchanged in any way, as the signature is mathematically bound to the keyoriginally signed with it, and verification will fail for practicallyany other key, no matter how similar to the original key.

To establish trust in the opposite direction Sender signs Receiver'sPublic Key 214 obtained during the Sharing flow and storing the signedkey in API database which makes it possible to access the signedReceiver's Public Key 214 from any number of devices Sender might use.

According to an embodiment, the Application 202 enables a user toselectively assign encrypted objects access rights, partially or infull, to a user of their choosing.

In another embodiment, the use of multi-factor authentication betweenthe user and API enables additional security and authentication featuressuch as step-up authentication on a per application basis, or secureSingle sign-on in a shared device environment. Single sign-on (SSO) is aproperty of access control of multiple related, yet independent,software systems. With this property, a user logs in with a single IDand password to gain access to any of several related systems.

Some aspects described herein may provide mutual user verification isprovided in the absence of a trusted authority platform. Someembodiments may provide the ability to maintain a certificate, or othertypes of security tokens, as a shared encrypted item coupled with anexternal enrollment mechanism. With the certificates securely stored inthis fashion, applications may access the certificate/virtual smart cardonce the user provides his input for deriving the Master Key 204 and theApplication 202 registers with the Application 202 backend.

Some aspects described herein may provide a step-up authentication on aper-application basis. A private customer or enterprise resources mayrequire a higher assurance authentication. In some embodiments, theApplication 202 may retrieve the higher assurance authorization andstore the credentials for the particular resource in an encrypted formthat also allows for sharing said set of credentials in a secure manner.As a result, step-up authentication may be provided on a per-applicationbasis while maintaining single sign on features as to other resources.

Some aspects described herein may provide support for multiple users ona shared device. The device may maintain more than one user context forthe encryption protection application. When a user switch is detected,such as when one user logs off or another user enters their passcode,the device may seamlessly switch contexts to reflect information andcredentials associated with the new user.

These and other important aspects of the present invention are describedmore fully in the detailed description below.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a component diagram of a computing system that may be theparticipant of an encryption protection application setup.

FIG. 2 is a component diagram of an Application user device.

FIG. 3 is a component diagram of API

FIG. 4 is a depiction of encrypted item sharing method 400.

FIG. 5 is to support application user verification method 500.

FIG. 6 is a demonstration of an exemplary method involving the presentembodiments. As shown in the diagram, the method 400 involves a customerof the encryption protection application sharing an encrypted item withanother customer of said application.

FIG. 7 is a display of a method comprising the present embodiments.Demonstrated in the diagram is the method 500 that involves a customerof the encryption protection application initiating a verification flowin order to validate another customer of said encryption protectionapplication.

FIG. 8 is an architectural layout of an apparatus for sharing encrypteditems with participants verification.

DETAILED DESCRIPTION

Some general terminology definitions as well as descriptions ofinvention components and participants may be helpful and are includedherein for convenience and are intended to be interpreted in thebroadest possible interpretation:

Application 202—a computer program, a computer code, a set ofinstructions executed within the User device with the particular purposeof protecting digital objects and items with encryption, sharing theprotected objects and items with other users of the same application, aswell as verifying other users of the same application.

User device 200—a computing device where a person installs and executesthe application. The person can be a Sender or a Receiver, or both.

Sender—a role that a computer user assumes when initiating a Sharing ofan encrypted item with another computer user.

Receiver—a role that a computer user is assigned when an encrypted itemhas been shared with the said user, for example from the Sender.

API (300)—the designated name of the sum of programmatic endpoints forcommunication between the service provider and Application 202 users.Service provider can be any legal entity, that owns and is responsiblefor the functioning of API. In the context of the described embodimentsservice provider can be represented by a Service Provider Server (SPS),a computing device that has the programmatic code of API 300 deployedand executed within. The provider participates in sharing andverification workflows as an assisting mediator and is not intended tohave access to the decrypted items or the cryptographic keys necessaryto decrypt said items. API also contains data comprised of userattributes, encrypted items and corresponding Item encryption Keys,stored in API in an encrypted form.

Out-of-band channel, or OOB—the exchange of messages or data betweenSender and Receiver that circumvents API, be it a direct contact, aphone call, email communication, SMS communication, communication by anychat application or any other channel that is not related to the API.

Master Key 204—a symmetric encryption key, which is unique for each userof the solution, and is derived from a Master password known only to auser. Additionally, the Master Key 204 includes additional entropy, e.g.Salt 212, which is unique to each user, provided by the serviceprovider. The Master Key 204 is used to encrypt a Private Key 206 of anasymmetric key pair of the user.

Public Key 214—the public part of an asymmetric key pair belonging tothe user. This key is publicly accessible to everyone, e.g. another userof the Application 202. This key is used to encrypt data so that onlythe owner of the corresponding private key can decrypt the data. Thesecondary function of the Public Key 214 is to verify cryptographicsignatures produced with the corresponding private key. According tosome embodiments, the Public Key 214 is also employed to encrypt ItemKeys 208 to protect the Item Keys 208 from being accessed by anyoneexcept the legitimate owner of the corresponding asymmetric key pair.

Private Key 206—the private part of the asymmetric key pair belonging tothe user. This key is kept secret and is not supposed to be accessibleto an entity other than the owning user. The primary function of the keyis to decrypt the data encrypted with the corresponding Public Key 214.The secondary function is to cryptographically sign a piece of data, forexample a particular item belonging to a user. The signature can beverified by anyone who can access the corresponding Public Key 214.According to some embodiments, the Private Key 206 is used to decryptitem keys before they can be used to access protected items.

Item—any object stored in API, accessed through the Application 202,protected by encrypting an object or item with an individual symmetricItem Key 208.

Item Key 208—a symmetric key, created for individually encrypting asingle protected item. This key is encrypted by the user's Public Key214 and can only be decrypted with the user's Private Key 206.Verification message—an arbitrary string of characters, numbers andsymbols, that when encrypted by Sender and communicated to Receiver, isa prerequisite for user verification.

The current embodiments disclose a computer implemented method forestablishing a two-way trust between users of the Application 202. Thedisclosed method comprises: obtaining, at a Sender's device, areceiver's Public Key 214 provided by API; encrypting, at the Sender'sdevice, a verification message with the Receiver's Public Key 214 andthe Sender's Private Key 206; sending the encrypted verification messagefrom the Sender's device to the Receiver's device through theout-of-band channel; decrypting, at the Receiver's device, the encryptedverification message using Receiver's Private Key 206 and Sender'sPublic Key 214; communicating, from the Receiver to the Sender,decrypted verification message via out-of-band channel 602; confirmingby the Sender that the decrypted verification message, communicated bythe Receiver, is identical to the verification message encrypted by theSender; establishing, by the Receiver, a one-way trust by signing theSender's Public Key 214 at the Receiver's device, with the Receiver'sPrivate Key 206; signing, at the Sender's device, the Receiver's PublicKey 214 with the Sender's Private Key 206, to establish a two-way trust.

In the verification method, the signed Sender's Public Key 214 is storedin at least one of the following: the API, the Receiver's device, or adatabase, accessible from the Application 202 user's device. The API isprovided by a service provider server, serving as a communicationmediator between the Sender's device and the Receiver's device duringverification flow.

During the verification flow, the out-of-band channel 602 is used. Itcan be at least one of the following: a direct conversation, phone call,email communication, SMS, communication by an Internet chat application,or any other communication channel that does not rely upon the API. Theasymmetrical encryption method is used.

The disclosed method also describes the sharing of an encrypted itemwith another user of the Application 202. The sharing contains thefollowing steps: requesting, from the sender to the API, receiver'sPublic Key 214 by providing at least one of an email ID or otheridentifying information of the receiver to the API; receiving, at thesender device, Receiver's Public Key 214 from the API; encrypting anItem Key 208 with Receiver's Public Key 214, the individual Item Key 208corresponding to an Item 210 to be sent from the Sender's device to theReceiver's device; sending, from the Sender's device, the encrypted ItemKey 208 to the API with an Item 210 identification; obtaining, at thereceiver device, the encrypted Item Key 208 from the API; decrypting theItem Key 208 with Receiver's Private Key 206; decrypting the Item 210using the decrypted Item Key 208; informing the Sender, by the API,about the access occurring, marking the share as successful within theAPI.

The method for sharing encrypted items, further comprising the steps ofassigning a unique item identification to the Item 210 that is shared;and encrypting the Item 210 using an individual symmetric Item Key 208.

In case the Receiver's Public Key 214 is not accessible to the Sender,the Sender records the information about the attempted share in API 300,signing this information with Sender's Private Key 206. The informationincludes Sender's identification, Item Identification, Receiver's emailand Sender's digital signature. In such a scenario, Receiver generatesan asymmetric key pair at the Receiver's device and makes the Receiver'sPublic Key 214 available to the Sender for download of the Receiver'sPublic Key 214 from API 300.

The embodiments also disclose an apparatus for establishing a trustrelationship between users. The apparatus comprises: a sender devicecontaining the Application; a receiver device containing theApplication; a service provider server (SPS) containing the applicationprogramming interface (API); a network communicably coupling the senderdevice, the receiver device and the SPS; and an out-of-band (OOB)channel, separate from the network, communicably coupling the senderdevice and the receiver device, wherein the apparatus performs a methodof: obtaining, at a Sender's device, a receiver's Public Key provided byan Application Programming Interface (API), encrypting, at the Sender'sdevice, a verification message with the Receiver's Public key and theSender's Private Key, sending the encrypted verification message fromthe Sender's device to the Receiver's device through the out-of-bandchannel, decrypting, at the Receiver's device, the encryptedverification message using Receiver's Private Key and Sender's PublicKey, communicating, from the Receiver to the Sender, decryptedverification message via out-of-band channel, confirming by the Senderthat the decrypted verification message, communicated by the Receiver,is identical to the verification message encrypted by the Sender,establishing, by the Receiver, a one-way trust by signing the Sender'sPublic Key at the Receiver's device, with the Receiver's Private Key.

In the disclosed apparatus the signed Sender's Public Key is stored inat least one of the following: the API, the Receiver's device, or adatabase, accessible from the Application user's device. The API isprovided by a service provider server, serving as a communicationmediator between the Sender's device and the Receiver's device duringverification flow.

In the disclosed method and apparatus, the Application can be astand-alone application installed locally within the user's device orremotely, an application's plug-in, an application executed locally orremotely, or an application made available to the user in any otherform.

The embodiments herein may be combined in a variety of ways as a matterof design choice. Accordingly, the features and aspects herein are notintended to be limited to any particular embodiment. Furthermore, theembodiments can take the form of hardware, firmware, software, and/orcombinations thereof. In one embodiment, such software includes but isnot limited to firmware, resident software, microcode, etc. FIG. 1illustrates a computing system 100 in which a Computer Readable Medium106 may provide instructions for performing any of the methods andprocesses disclosed herein.

Furthermore, some aspects of the embodiments herein can take the form ofa computer program product accessible from the Computer Readable Medium106 to provide program code for use by or in connection with a computeror any instruction execution system. For the purposes of thisdescription, the Computer Readable Medium 106 can be any apparatus thatcan tangibly store the program code for use by or in connection with theinstruction execution system, apparatus, or device, including theComputing System 100.

The Computer Readable Medium 106 can be any tangible electronic,magnetic, optical, electromagnetic, infrared, or semiconductor system(or apparatus or device). Some examples of a Computer Readable Medium106 include solid state memories, magnetic tapes, removable computerdiskettes, random access memories (RAM), read-only memories (ROM),magnetic disks, and optical disks. Some examples of optical disksinclude read only compact disks (CD-ROM), read/write compact disks(CD-R/W), and digital versatile disks (DVD).

The Computing System 100 can include one or more processors 102 coupleddirectly or indirectly to Program and Data Memory 108 through a systembus 110. The Program and Data Memory 108 can include local memoryemployed during actual execution of the Application 202, bulk storage,and/or cache memories, which provide temporary storage of at least someof the program code in order to reduce the number of times the code isretrieved from bulk storage during execution.

Input/output (I/O) devices 104 (including but not limited to keyboards,displays, pointing devices, I/O interfaces, etc.) can be coupled to theComputing System 100 either directly or through intervening I/Ocontrollers. Network adapters may also be coupled to the ComputingSystem 100 to enable the Computing System 100 to couple to other dataprocessing systems, such as through Host Systems Interfaces 112,printers, and/or or storage devices through intervening private orpublic networks. Modems, cable modems, and Ethernet cards are justexamples of network adapter types.

FIG. 1 is a component diagram of a Computing System 100 that shows anoverall hardware architecture of a computer system that is running theApplication 202. The Computing System 100 combines I/O devices 104,Processor 102, Computer Readable Medium 106, Program and Data Memory108, Host Systems Interfaces 112. The Computing System 100 is a Userdevice 200.

FIG. 2 is a component diagram of elements that are contained within Userdevice 200. The User device 200 contains at least the following:computer Application 202, Master Key 204, Private Key 206, Item Key 208,Item 210, Salt 212, Public Key 214.

FIG. 3 is a component diagram of the API 300. API 300 contains Usersdata, such as: User Public Key 214 and User Salt 212. API also containsProtected items and keys: Item Key 208 encrypted with User Public Key214 and encrypted Item 210. Items and keys contained therein are theencrypted versions of objects in User device 200, or objects publiclyavailable.

FIG. 4 is a sequence diagram of a method 400 for sharing an Itemencrypted 308, according to embodiments of the present invention. Atstep 402, sender opens an Item 210 locally and decrypts the Item 210. Atstep 404, the sender obtains Receiver's Public Key from API at serviceprovider. Next, as step 406, the sender encrypts Item Key 208 withReceiver's Public Key. Next, at step 408, the Sender stores encryptedItem Key 208 and the corresponding Item 210 in API, step 408. The Senderlaunches the verification, step 410 and notifies Receiver of the sharedItem 210, step 412. Receiver obtains Sender's Public Key, step 414 andverifies the Sender, step 416. By the next step, the Receiver obtainsencrypted Item Key from API, step 418. The Receiver decrypts encryptedItem Key locally 420 and obtains Item 210 from API, step 422. Receiverdecrypts Item 210 locally, step 424.

FIG. 5 depicting a method 500 for user verification, as implemented bythe Application 202 of FIG. 2 . The diagram discloses the steps ofReceiver verifying the Sender. Sender obtains from API Receiver's PublicKey, step 502, then Sender generates verification message, step 504.Verification message is encrypted with Receiver's Public Key andSender's Private Key, step 506. Sender sends an encrypted verificationmessage to Receiver through OOB (Out-of-band channel), step 508.Receiver obtains Sender's Public Key from API, step 510. Receiverdecrypts the verification message with Receiver's Private Key andSender's Public Key, step 512. After this step, Receiver communicatesthe decrypted verification message to Sender through OOB, step 514. Ifthe verification messages coincide, Receiver signs Sender's Public Keywith Receiver's Private Key, step 516 and Receiver stores signedSender's Public Key at API, step 518.

FIG. 6 adds additional clarity regarding the initiators of particularsteps and the direction of communication. FIG. 6 shows a method forsharing an Item encrypted with Item Key 308, according to an embodimentof the present invention. At step 402, Sender opens an Item 210 locallyand decrypts the Item 210. At step 404, the sender obtains Receiver'sPublic Key from API at service provider. Next, as step 406, the senderencrypts Item Key 208 with Receiver's Public Key. Next, at step 408, theSender stores encrypted Item Key 208 and the corresponding Item 210 inAPI, step 408. The Sender launches the verification, step 410 andnotifies Receiver of the shared Item 210, step 412. Receiver obtainsSender's Public Key, step 414 and verifies the Sender, step 416. By thenext step, the Receiver obtains encrypted Item Key from API, step 418.The Receiver decrypts encrypted Item Key locally 420 and obtains Item210 from API, step 422. Receiver decrypts Item 210 locally, step 424.For the person skilled in the art it should be clear that theverification flow mentioned in this description can be initiated by anyparticipant of the sharing flow, since in the end of the verificationflow both users have sufficient information to trust their counterpart.Therefore, the trust established based on the verification can beone-way in any direction or two-way. Also it should be noted thatverification is not rigidly attached to a particular place in thesharing flow, therefore it can be launched either by the Sender beforesharing a protected item with another user of the Application, or by theReceiver on getting notification about an Item being shared withReceiver.

FIG. 7 adds additional clarity regarding the initiators of particularsteps and the direction of communication. FIG. 7 depicts a method 500for user verification, as implemented by the Application 202 of FIG. 2 .The diagram discloses the steps of Receiver verifying the Sender. Senderobtains from API Receiver's Public Key, step 502, then Sender generatesverification message, step 504. Verification message is encrypted withReceiver's Public Key and Sender's Private Key, step 506. Sender sendsan encrypted verification message to Receiver through OOB (Out-of-bandchannel), step 508. Receiver obtains Sender's Public Key from API, step510. Receiver decrypts the verification message with Receiver's PrivateKey and Sender's Public Key, step 512. After this step, Receivercommunicates the decrypted verification message to Sender through OOB,step 514. If the verification messages coincide, Receiver signs Sender'sPublic Key with Receiver's Private Key, step 516 and Receiver storessigned Sender's Public Key at API, step 518. For the person skilled inthe art it should be clear that in the current embodiment theverification flow can be initiated by any participant of the sharingflow, since in the end of the verification flow both users havesufficient information to trust their counterpart. Therefore, the trustestablished based on the verification can be one-way in any direction ortwo-way. Also it should be noted that verification is not rigidlyattached to a particular place in the sharing flow, therefore it can belaunched either by the Sender before sharing a protected item withanother user of the Application, or by the Receiver on gettingnotification about an Item being shared with Receiver.

In one aspect, the present embodiments include a system and a method foreffectively sharing encrypted data (such as passwords, access to digitalitems). Those of ordinary skill in the art will realize that thefollowing detailed description of the present embodiments isillustrative only and is not intended to be in any way limiting. Otherembodiments of the present system(s) and method(s) will readily suggestthemselves to such skilled persons having the benefit of thisdisclosure. Reference will now be made in detail to implementations ofthe present embodiments as illustrated in the accompanying drawings. Thesame reference indicators will be used throughout the drawings and thefollowing detailed description to refer to the same or like parts.

Although several embodiments have been described, one of ordinary skillin the art will appreciate that various modifications and changes can bemade without departing from the scope of the embodiments detailedherein. Accordingly, the specification and figures are to be regarded inan illustrative rather than a restrictive sense, and all suchmodifications are intended to be included within the scope of thepresent teachings.

Moreover, in this document, relational terms such as first and second,and the like may be used solely to distinguish one entity or action fromanother entity or action without necessarily requiring or implying anyactual such relationship or order between such entities or actions. Theterms “comprises”, “comprising”, “has”, “having”, “includes”,“including”, “contains”, “containing” or any other variation thereof,are intended to cover a non-exclusive inclusion, such that a process,method, article, or apparatus that comprises, has, includes, contains alist of elements does not include only those elements but may includeother elements not expressly listed or inherent to such process, method,article, or apparatus. An element preceded by “comprises . . . a”, “has. . . a”, “includes . . . a”, “contains . . . a” does not, without moreconstraints, preclude the existence of additional identical elements inthe process, method, article, or apparatus that comprises, has,includes, contains the element. The terms “a” and “an” are defined asone or more unless explicitly stated otherwise herein. The terms“substantially”, “essentially”, “approximately”, “about” or any otherversion thereof, are defined as being close to as understood by one ofordinary skill in the art. The term “coupled” as used herein is definedas connected, although not necessarily directly and not necessarilymechanically. A device or structure that is “configured” in a certainway is configured in at least that way, but may also be configured inways that are not listed.

What is claimed is:
 1. A method comprising: establishing, by a sendersystem, cryptographic trust with a receiver system, wherein establishingcryptographic trust includes: obtaining, from a service provider server,via a first electronic communication network, a public encryption key ofthe receiver system; generating a verification message including firstverification message content; generating a signed, encrypted,verification message by encrypting the verification message using thepublic encryption key of the receiver system and a private encryptionkey of the sender system; sending, via a second electronic communicationnetwork that differs from the first electronic communication network,the signed verification message to the receiver system; receiving, fromthe receiver system, via a third electronic communication network thatdiffers from the first electronic communication network, secondverification message content; and verifying that the first verificationmessage content matches the second verification message content.
 2. Themethod of claim 1, wherein: the public encryption key of the receiversystem is a part of a device-independent asymmetric key pair thatincludes a private encryption key of the receiver system; and theprivate encryption key of the sender system is a part of adevice-independent asymmetric key pair that includes a public encryptionkey of the sender system.
 3. The method of claim 2, wherein generatingthe signed, encrypted, verification message includes: generating anencrypted verification message by encrypting the verification messageusing the public encryption key of the receiver system; and generatingthe signed, encrypted, verification message by encrypting the encryptedverification message using the private encryption key of the sendersystem.
 4. The method of claim 2, wherein establishing cryptographictrust includes: signing the public encryption key of the receiver systemwith the private encryption key of the sender system.
 5. The method ofclaim 2, wherein the third electronic communication network is thesecond electronic communication network, wherein the second electroniccommunication network excludes the service provider server.
 6. Themethod of claim 2, further comprising: sharing, by the sender system, anencrypted digital item with the receiver system, wherein sharing theencrypted digital item includes: obtaining an unencrypted digital item;obtaining an item key for encrypting the digital item; obtaining theencrypted digital item by encrypting the unencrypted digital item usingthe item key; obtaining an encrypted item key by encrypting the item keywith the public encryption key of the receiver system; and outputtingthe encrypted digital item and the encrypted item key to the serviceprovider server, such that the unencrypted digital item is accessible tothe receiver system by: obtaining the encrypted digital item, theencrypted item key, and the public encryption key of the sender systemfrom service provider server; obtaining the item key by decrypting theencrypted item key using the private encryption key of the receiversystem; and obtaining the unencrypted digital item by decrypting theencrypted digital item using the item key.
 7. The method of claim 6,wherein obtaining the item key includes: generating a symmetric key forencrypting the digital item; and using the symmetric key as the itemkey.
 8. The method of claim 6, wherein obtaining the public encryptionkey of the receiver system includes: receiving, from service providerserver, the public encryption key of the receiver system in response tosending, to service provider server, a request to identify the receiversystem.
 9. The method of claim 6, wherein obtaining the item keyincludes: obtaining a second encrypted item key, encrypted with thepublic encryption key of the sender system; and obtaining the item keyby decrypting the second encrypted item key using the private encryptionkey of the sender system.
 10. The method of claim 9, wherein sharing theencrypted digital item includes: obtaining a symmetric master key usinga master password and a salt value; generating the public encryption keyof the sender system and the private encryption key of the sendersystem; and encrypting the private encryption key of the sender systemusing the symmetric master key, such that the private encryption key ofthe sender system is unavailable in the absence of the symmetric masterkey.
 11. A system comprising: a memory storing instructions forestablishing cryptographic trust; a processor that executes theinstructions to establish cryptographic trust between the system and anexternal system, wherein to establish cryptographic trust between thesystem and the external system, the processor executes the instructionto: obtain, from a service provider system, via a first electroniccommunication network, a public encryption key of the external system,wherein the public encryption key of the external system is a part of adevice-independent asymmetric key pair that includes a privateencryption key of the external system; generate a verification messagethat includes first verification message content; generate a signed,encrypted, verification message, wherein, to generate the signed,encrypted, verification message, the processor executes the instructionsto use the public encryption key of the external system and a privateencryption key of the system to encrypt the verification message,wherein the private encryption key of the system is a part of adevice-independent asymmetric key pair that includes a public encryptionkey of the system; send, to the external system, via a second electroniccommunication network that differs from the first electroniccommunication network, the signed verification message; receive, fromthe external system, via a third electronic communication network thatdiffers from the first electronic communication network, secondverification message content; and verify that the first verificationmessage content matches the second verification message content.
 12. Thesystem of claim 11, wherein to generate the signed, encrypted,verification message, the processor executes the instruction to:generate an encrypted verification message, wherein, to generate theencrypted verification message, the processor executes the instructionto use the public encryption key of the external system to encrypt theverification message; and generate the signed, encrypted, verificationmessage, wherein, to generate the signed, encrypted, verificationmessage, the processor executes the instruction to use by the privateencryption key of the system to encrypt the encrypted verificationmessage.
 13. The system of claim 11, wherein, to establish cryptographictrust, the processor executes the instruction to: sign the publicencryption key of the external system, wherein, to sign the publicencryption key of the external system, the processor executes theinstruction to use the private encryption key of the system to encryptthe public encryption key of the external system.
 14. The system ofclaim 11, wherein the third electronic communication network is thesecond electronic communication network, and wherein the secondelectronic communication network excludes the service provider server.15. The system of claim 11, wherein the processor executes theinstruction to: share an encrypted digital item with the externalsystem, wherein, to share the encrypted digital item, the processorexecutes the instruction to: obtain an unencrypted digital item; obtainan item key for encrypting the digital item; obtain the encrypteddigital item, wherein, to obtain the encrypted digital item, theprocessor executes the instruction to use the item key to encrypt theunencrypted digital item; obtain an encrypted item key, wherein, toobtain the encrypted item key, the processor executes the instruction touse the public encryption key of the external system to encrypt the itemkey; and output the encrypted digital item and the encrypted item key tothe service provider server, such that the unencrypted digital item isaccessible to the external system by: obtaining the encrypted digitalitem, the encrypted item key, and the public encryption key of thesystem from service provider server; obtaining the item key bydecrypting the encrypted item key using the private encryption key ofthe external system; and obtaining the unencrypted digital item bydecrypting the encrypted digital item using the item key.
 16. The systemof claim 11, wherein, to obtain the item key, the processor executes theinstruction to: generate a symmetric key for encrypting the digitalitem; and use the symmetric key as the item key.
 17. The system of claim11, wherein, to obtain the public encryption key of the external system,the processor executes the instruction to: receive, from serviceprovider server, the public encryption key of the external system inresponse to sending, to service provider server, a request to identifythe external system.
 18. The system of claim 11, wherein, to obtain theitem key, the processor executes the instruction to: obtain a secondencrypted item key, encrypted with the public encryption key of thesystem; and obtain the item key, wherein, to obtain the item key, theprocessor executes the instruction to use the private encryption key ofthe system to decrypt the second encrypted item key.
 19. The system ofclaim 18, wherein, to share the encrypted digital item, the processorexecutes the instruction to: use a master password and a salt value toobtain a symmetric master key; generate the public encryption key of thesystem and the private encryption key of the system; and use thesymmetric master key to encrypt the private encryption key of thesystem, such that the private encryption key of the system isunavailable in the absence of the symmetric master key.
 20. Anon-transitory computer-readable storage medium, comprising executableinstructions that, are executed by a processor to perform: establishing,by a sender system, cryptographic trust with a receiver system, whereinestablishing cryptographic trust includes: obtaining, from a serviceprovider server, via a first electronic communication network, a publicencryption key of the receiver system; generating a verification messageincluding first verification message content; generating a signed,encrypted, verification message by encrypting the verification messageusing the public encryption key of the receiver system and a privateencryption key of the sender system; sending, via a second electroniccommunication network that differs from the first electroniccommunication network, the signed verification message to the receiversystem; receiving, from the receiver system, via a third electroniccommunication network that differs from the first electroniccommunication network, second verification message content; andverifying that the first verification message content matches the secondverification message content.